Job Description


Manager – Information / Cyber Security Compliance

Category:
Corporate Office
Location:
5501 Headquarters Dr
Plano Texas 75024
Job ID:
324628
Job Description:

JOB PURPOSE: Responsible for conducting regularly scheduled audits on internal systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Assure the ongoing compliance of Rent-A-Center’s (RAC) information assets. Responsible for all Information Security Compliance activities for RAC and must work across the organization's functions to ensure requirements are understood and controls are implemented correctly.

 

KEY RESPONSIBILITIES:

  • Manage the compliance of and adherence to information security policies, standards, and guidelines.
  • Manage all internal and external Information Security Compliance engagement activities.
  • Must keep abreast of regulatory developments within or outside of RAC as well as evolving best practices in compliance, integrating them, where required, into daily business activities.
  • Lead and mentor the Information Security compliance staff, ensuring that all team members are given appropriate training, guidance, and career opportunities.
  • Develop a strategy to implement and maintain a centralized audit evidence repository to support all Information Security Compliance evidence gathering and maintenance activities.
  • Develop a compliance strategy in alignment with business requirements, objectives and metrics.
  • Support the Director to ensure implementation of the cyber security program remains in compliance.
  • Identify any gaps between the desired level of compliance and the current level of maturity.
  • Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
  • Monitor and report on compliance with security policies, as well as the enforcement of policies within Rent-A-Center.
  • Work with Director to establish cyber metrics to measure effectiveness and perform internal audits and assessments.
  • Lead the successful completion of audits, act as subject matter expert regarding compliance requirements, and work with all relevant teams to coordinate compliance processes, documents, evidence and approvals.
  • Close any gaps in controls and correct control deficiencies and issues in a timely manner to help maintain a secure and compliant operating environment.

JOB REQUIREMENTS:

  • Bachelor’s degree in related field required.
  • Minimum 3 – 5 years’ experience managing security compliance in a medium to large organization.
  • Strong working knowledge of SOX controls
  • Expert understanding of data classification, data protection, and data retention standards and practices
  • Familiarity with common enterprise and web application technologies
  • Expert understanding of data protection regulations and standards, including PCI DSS 3.2.1 or newer and consumer privacy (e.g., CCPA, Safe Harbor, EU Data Protection Directive, etc.)
  • Strong analytical and time management skills
  • Ability to maintain a high degree of confidentiality.
  • Solid understanding of information technology and information security, including firewalls, VPNs, penetration testing and other security devices, with an emphasis on network and endpoint security.
  • Solid understanding of security and control principles including logical access controls, change control, least privilege, segregation of duties, computer operations, network security, vulnerability management, and secure coding.
  • Knowledge of Risk Management Framework (NIST SP 800-37 and SP 800-39)
  • Ability to lead and motivate technically-skilled people.
  • Collaborates with technical teams, sales and legal services to review customer and vendor contracts to ensure that information security and compliance requirements are met and maintained.
  • Must be highly organized and detail oriented.
  • Excellent written and verbal communication skills.
  • Other duties as required by management.

 

JOB RECOMMENDED (Nice to Haves):

  • Relevant technical certifications (CISSP, CISM, OSCP, GIAC, CCNA/CCNP Security).
  • Certified Information Security Auditor (CISA)
  • PMI Project Management Professional (PMP)
  • Payment Card Industry (PCI) Internal Security Assessor (ISA)
  • Certified Information Privacy Professional (CIPP) or Certified Information Privacy Manager (CIPM)
  • Knowledgeable on cyber threats relative to the retail industry.
  • Experience in web application security testing and protection.
  • Understanding of Technology Platforms (Windows, Mac, Open Source, Middleware Applications, Database Applications, Cisco, Adobe).
